VMware ESXi 41 Operations Guide TWP
-
Upload
anonymous-l24x6b -
Category
Documents
-
view
245 -
download
0
Transcript of VMware ESXi 41 Operations Guide TWP
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 1/22
VMware®
ESXi™
4.1Operations GuideT E C H N I C A L W H I T E P A P E R
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 2/22
T E C H N I C A L W H I T E P A P E R / 2
VMware® ESXi™ 4.1 Operations Guide
IntroductionThehypervisorarchitectureoVMware®vSphere™(“vSphere”)playsacriticalroleinthemanagemento
thevirtualinrastructureTheintroductionothebare-metalVMwareESX®architectureinsignicantlyenhancedperormanceandreliabilitywhichinturnenabledcustomerstoextendthebenetsovirtualizationto
theirmission-criticalapplicationsTheintroductionotheVMwareESXi™architecturerepresentsasimilarleap
orwardinreliabilityandvirtualizationmanagementLessthanpercentaslargeasVMwareESXVMwareESXi
runsindependentlyoanoperatingsystem(OS)andimproveshypervisormanagementintheareasosecurity
deploymentandcongurationandongoingadministrationYetnoneothiscomesatthecostounctionality
AllotheeaturesoeredbyVMwarevSpheresuchasVMwarevMotion™(vMotion)VMwareStorage
vMotion(StoragevMotion)VMwareHighAvailability(VMwareHA)VMwareFaultTolerance(VMwareFT)and
VMwareDistributedResourceScheduler(VMwareDRS)areullysupportedontheVMwareESXiarchitecture
ThispaperdescribesthearchitectureoVMwareESXiandthenexplainshowvariousmanagementtasksare
perormedinitThisinormationcanbeusedtohelpplanamigrationtotheVMwareESXiarchitectureromthe
legacyVMwareESXrameworkandtoimproveorenhanceday-to-dayoperations
ArchitectureIntheoriginalVMwareESXarchitecturethevirtualizationkernel(VMkernel)isaugmentedbyamanagement
partitionknownastheconsoleoperatingsystem(COS)orserviceconsoleTheprimarypurposeotheCOSisto
provideamanagementinteracewiththehostVariousVMwaremanagementagentsaredeployedintheCOS
alongwithotherinrastructureserviceagents(orexamplenameservicetimeserviceloggingandsoon)In
thisarchitecturemanycustomersdeployotheragentsromthirdpartiestoprovideaparticularunctionality
suchashardwaremonitoringandsystemmanagementFurthermoreindividualadministrativeusersloginto
theCOStoruncongurationanddiagnosticcommandsandscripts
Hardware
Monitoring
Agents
System
Management
Agents
VMware
Management
Agents
CLI Commands
for Configuration
and Support
Infrastructure
Agents
(NTP, Syslog)
Service console
VMkernel
Virtual Machine
Support and Resource
Management
VM VM VM
Figure 1. Architecture o VMware ESX
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 3/22
T E C H N I C A L W H I T E P A P E R / 3
VMware® ESXi™ 4.1 Operations Guide
IntheVMwareESXiarchitecturetheCOShasbeenremovedandallotheVMwareagentsrundirectlyon
theVMkernelInrastructureservicesareprovidednativelythroughmodulesincludedintheVMkernelOther
authorizedthird-partymodulessuchashardwaredriversandhardwaremonitoringcomponentscanruninthe
VMkernelaswellOnlymodulesthathavebeendigitallysignedbyVMwareareallowedonthesystemcreatinga
tightlylocked–downarchitecturePreventingarbitrarycoderomrunningontheVMwareESXihostgreatly
improvesthesecurityandstabilityothesystem
VMkernel Local Support Consoles
CLI Commands for
Configuration
and Support
Agentless
Systems
Management
VMware
Management
Framework
Infrastructure
Agents
(NTP, Syslog)
Virtual MachineSupport and
ResourceManagement
Common
Information
Model
Agentless
Hardware
MonitoringVM VM VM
Figure 2. Architecture o VMware ESXi
ManagementThemanagementunctionalitythatwasprovidedbyagentsintheVMwareESXarchitectureisnowexposed
viaAPIsintheVMwareESXiarchitectureThisallowsoran“agentless”approachtohardwaremonitoringand
systemmanagementVMwarealsocreatedremotecommandlinessuchastheVMwarevSphereCommand-
LineInterace(vCLI)andVMwarevSpherePowerCLI(PowerCLI)toprovidecommandandscripting
capabilitiesinamorecontrolledmannerTheseremotecommand-linesetsincludeavarietyocommandsor
congurationdiagnosticsandtroubleshootingForlow-leveldiagnosticsandtheinitialcongurationmenu-
drivenandcommand-lineinteracesareavailableonthelocalconsoleotheserverTheollowingsections
discussindividualmanagementtopicsanddescribehowtasksareperormedintheVMwareESXiarchitecture
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 4/22
T E C H N I C A L W H I T E P A P E R / 4
VMware® ESXi™ 4.1 Operations Guide
Service Console (COS)
Management Agents Agentless vAPI-Based
Agentless CIM-Based
vCLI, PowerCLI
Local Support Console
CIM API vSphere API
Native Agents:hostd, vpxa, NTP,Syslog, SNMP, etc.
Hardware Agents
Commands forConfiguration and
Diagnostics
InfrastructureService Agents
“Classic” VMware ESX VMware ESXi
Figure 3. New and Improved Paradigm or VMware ESX Management
Automation
ToautomatethemanagementoaVMwareESXideploymentVMwarehascreatedeasy-to-usescriptingtools
UserscanwritescriptswiththesameunctionalityasthevSphereclienttoautomatemanualtasksenabling
ecientmanagementandcongurationosmall-tolarge-scaleenvironmentsThesetoolsworkwellwithboth
VMwareESXiandVMwareESXhostsempoweringuserstoadministermixedenvironmentseasily
PowerCLIisarobustcommand-linetoolorautomatingallaspectsovSpheremanagementincludinghost
networkstoragevirtualmachineguestOSandmorePowerCLIisdistributedasaWindowsPowerShell
snap-inItincludesmorethanPowerShellcmdletsalongwithdocumentationandsamplesPowerCLI
seamlesslyblendsthevSphereplatormwithWindowsandNETwhichmeansyoucanusePowerCLIbyitselor
withinmanydierentthird-partytools
vCLIisasetomorethancommand-lineutilitiesthathelpusersprovisionconguretroubleshootand
maintainVMwareESXandVMwareESXihostsWherePowerCLIisbettersuitedorlarge-scaleautomation
vCLIisaimedatuserswhoeelmorecomortablewiththelegacyCOScommandsTherearecommands
thatcancompletelyautomatetheinitialcongurationoaVMwareESXihostandothersthatprovide
troubleshootinganddiagnosticcapabilitiesVMwareprovidesvCLIpackagesorinstallationonbothWindows
andLinuxsystemsandisavailableprepackagedaspartotheVMwarevSphereManagementAssistant
(vSphereManagementAssistant)
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 5/22
T E C H N I C A L W H I T E P A P E R / 5
VMware® ESXi™ 4.1 Operations Guide
vCLIhasnumerouscommandsortroubleshootingincluding
•vmkstools
•vmware-cmd
•resxtop
InvSphereimportantenhancementsmakethevCLImorepowerul
•Perormshostoperationssuchasrebootingandenteringorexitingmaintenancemodeusingthe
“vicg-hostops”command
•ConguresMicrosotActiveDirectoryusingthe“vicg-authcong”command
•ConguresIPsecwith“vicg-ipsec”
•Forciblyterminatesavirtualmachineevenwhenitisnotrespondingtonormalshutdowncommandsusing
the“esxclivms”command
•ConguresstoragetoagreaterextentincludingvarioussotwareiSCSIparametersandstorageplug-ins
usingaseriesonewoptionstothe“esxcli”command
•Employsadditionaldiagnosticcapabilitiesornetworkingandstorageincluding
– The“esxclinetwork”commandwhichlistsactiveconnectionsoractiveARPtableentries
–Newoptionsor“resxtop”whichshowNFSstatistics
BothPowerCLIandvCLIarebuiltonthesameinteracesasthevSphereclientTheycanbepointeddirectlyata
VMwareESXihostoratVMwarevCenter™Whenpointedatahosttheycanexecutecommandsdirectlyona
VMwareESXihostsimilarlytohowacommandintheCOSoVMwareESXoperatesononlythathostLocal
authenticationisrequiredinthiscaseAlternativelywhencommunicatingthroughVMwarevCenterthevCLI
andPowerCLIcommandsbenetromthesameauthentication(orexampleActiveDirectory)rolesand
privilegesandeventloggingasvSphereclientinteractionsThisprovidesoramuchmoresecureandauditable
managementramework
TheVMwarevSphereManagementAssistantisavirtualappliancethatpackagesthevCLItheVMware
vSphereSDKorPerlaswellasaloggingmodule(called“vi-logger”)andauthenticationmodulesor
unattendedscriptexecution(called“vi-astpass”)intooneconvenientbundle
Theollowingtablecontainsdierentcategoriesooperationalproceduresandthepreerredtooloreach
categoryWehaveratedeachtoolpertasktoclassiytheleveloexpertiserequired
TASK vCLI/vMA POWERCLI
Reporting Normal Easy
Monitoring Hard Normal
Conguration Easy Easy
Automation Normal Easy
Troubleshooting Easy Hard
Table 1. Ease o Operational Tasks
Althougheachothetoolscanbeusedtoaccomplishagiventasktheprecedingtablecanbeusedasan
indicationowhichtoolswouldbestmeetyourrequirements
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 6/22
T E C H N I C A L W H I T E P A P E R / 6
VMware® ESXi™ 4.1 Operations Guide
Deployment
VariousdeploymentmethodsaresupportedorVMwareESXisuchasbootingtheinstallerooaDVDorover
PXEanddeployingtheVMwareESXiimageontoalocaldiskoverthenetworkusingavarietyoprotocols
includingsecureHTTPVMwareESXienablesuserstodoascriptedinstallationotheVMwareESXisotwareontothelocaldiskoaserveranalogoustothekick-startmechanismusedorVMwareESXarchitectureThe
scriptedinstallationcongurationle(typicallynamed“kscg”)canalsospeciytheollowingscriptstobe
executedduringtheinstallation
•Preinstall
•Postinstall
•First-boot
ThesescriptsarerunlocallyontheVMwareESXihostandcanperormvarioustaskssuchasconguringthe
host’svirtualnetworkingandjoiningittoVMwarevCenterServerThesescriptscanbewrittenineithertheTech
SupportModeshellorPython
SupportorbootromSANhasbeenaddedtoVMwareESXiThissupportincludesFibreChannelSANas
wellasiSCSIandFCoEorcertainstorageadaptersthathavebeenqualiedorthiscapability
VMwareESXiisstillavailablepreinstalledonFlashdrivesoncertainservermodelsavailableromanumbero
hardwareOEMvendors(ConsulttheserverHCLtodeterminewhichcombinationsoserverandUSBorFlash
drivearesupported)
AsstatedwithvSphereVMwarehasaddedscriptedinstallationcapabilitiestoVMwareESXiAbasicscripted
CD-ROM–basedinstallentailstheollowingprocedure
1. Boot rom the VMware ESXi CD-ROM
2. Press “Tab” when the “VMware VMvisor Boot Menu” is displayed
3. Edit the string so that it includes the location o your script:
> mboot.c32 vmkboot.gz ks=http://<ip-address>/ks.cfg --- vmkernel.gz --- sys.vgz ---
cim.vgz --- ienviron.vgz --- install.vgz
Whenincludingthelocationoyourscriptensuretoappenditater“vmkbootgz”andbeore“---vmkernelgz”
orthescripttounctioncorrectlyTheip-addressshouldbereplacedwiththeip-addressotheWebserver
hostingthecongurationleThekscgcongurationlecanalsobelocatedonothertypesomediasuchas
CD-ROMoranFTPserverFormoredetailsreertothe VMware vSphere 4.1 ESXi Installable and vCenter Server
Setup Guide.
ItisalsopossibletoPXEboottheVMwareESXiinstallerThishoweverrequiresaTFTPserverthatsupportsPXE
bootgPXEandamodicationtoyourDHCPservertoallowtheDHCPservertosendthehostthecorrectTFTP
andPXEinormationFormoredetailsreertotheVMware vSphere 4.1 ESXi Installable and vCenter Server Setup
Guidewherethisprocedureisullydocumented
WhetherusingaPXEmechanismtoacilitatetheinstallationoraCD-ROMaso-calledanswerscriptisrequired
ThescriptollowsastandardizedormattosupplytheinstallerwiththecorrectparametersTheollowingexampleincludesapostinstallationactionandactionsontherstboottodemonstratetheendlesscapabilities
theVMwareESXiinstalleroersThesewillbeexplainedindetailasollows
# Accept the VMware End User License Agreement
vmaccepteula
# Set the root password for the DCUI and Tech Support Mode
rootpw mypassword
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 7/22
T E C H N I C A L W H I T E P A P E R / 7
VMware® ESXi™ 4.1 Operations Guide
# Choose the rst discovered disk to install onto
autopart --rstdisk --overwritevmfs
# The installation media is in the CD-ROM drive
install cdrom
# Set the network to DHCP on the rst network adapater
network --bootproto=dhcp --device=vmnic0
# A sample post-install script
%post --unsupported --interpreter=busybox --ignorefailure=true
# Download drivers required to access the network after a reboot
wget http://192.168.1.1/drivers.zip-O/vmfs/volumes/datastore1/drivers.zip
# A sample of the script that will run on rst boot
%rstboot –--unsupported –--interpreter=busybox
# Installation of the drivers for network access
esxupdate --bundle=/vmfs/volumes/datastore1/drivers.zip update
# Conguration of NTP Servers
echo restrict default kod nomodify notrap noquerynopeer > /etc/ntp.conf
echo restrict 127.0.0.1 >> /etc/ntp.conf
echo server 10.0.0.11 >> /etc/ntp.conf
echo server 10.0.0.12 >> /etc/ntp.conf
echo driftle /var/lib/ntp/drift >> /etc/ntp.conf
/sbin/chkcong --level 345 ntpd on
/etc/init.d/ntpd stop
/etc/init.d/ntpd start
# Rename the local datastore so that it includes the hostname
vim-cmd hostsvc/datastore/rename datastore1 $(hostname -s)-datastore01
# Add an extra nic to vSwitch0 (vmnic0 and vmnic2) and a VLAN ID
esxcfg-vswitch -L vmnic2 vSwitch0
esxcfg-vswitch -v 10 -p ‘Management Network’ vSwitch0
# Add vMotion Portgroup to vSwitch0
esxcfg-vswitch -A vMotion vSwitch0
# Assign an ip-adress to the vMotion VMkernel and a VLAN ID to the Portgroup
esxcfg-vswitch -v 20 -p vMotion vSwitch0
esxcfg-vmknic -a -i 192.168.2.41 -n 255.255.255.0 vMotion
# Wait to ensure everything has been created and refresh the network stack
sleep 5
vim-cmd hostsvc/net/refresh
# Enable vMotion on the newly created VMkernel vmk1
vim-cmd hostsvc/vmotion/vnic_set vmk1
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 8/22
T E C H N I C A L W H I T E P A P E R / 8
VMware® ESXi™ 4.1 Operations Guide
# Add new vSwitch for VM trafc (vmnic1 and vmnic3)
esxcfg-vswitch -a vSwitch1
#Create a standard portgroup for VMs to vSwitch1 and set a VLAN ID
esxcfg-vswitch -A Production_VLAN5 vSwitch1
esxcfg-vswitch -v 30 -p Production_VLAN5 vSwitch1
# Add NICs to the new vSwitch
esxcfg-vswitch -L vmnic1 vSwitch1
esxcfg-vswitch -L vmnic3 vSwitch1
# Wait to ensure everything has been created and refresh the network stack
sleep 5
vim-cmd hostsvc/net/refresh
ThisexamplescriptshowshowtoautomatetheinstallationoaVMwareESXihostthatrequiresthedownloado
adriverpackagebeorethehostisrebootedbytheinstallationprocessandtheinstallationothisdriver
packageatertherstbootAlthoughthisscenarioisrareitshowstheexibilityyouhavewhendeveloping
thesescripts
Thetool“wget”andtheuseopersistentstorageonadatastoreenableyoutodownloaddriversadditional
scriptsandmuchmoreFurthermorewedisplayhowtoenableandcongureNTPandhowtocreateadditional
vSwitchesandportgroupsincludingVLANIDs
OcoursetherearemanymoremanualstepsthatcanbeautomatedthroughtheuseostandardCLI
commandssuchas(butnotlimitedto)esxcliesxcg-*andvim-cmd
Itisimportanttorecognizethedierencebetweenthe%postandthe%rstbootsectionThe%rstbootsection
isthesectionthatismostcommonlyusedorconguringtheVMwareESXihostItisexecutedduringtherst
bootatertheinstallerhascompletedTheollowingdiagramdepictstheprocessoascriptedinstallationwhere
boththe%postand%rstbootsectionareused
Boot installer
%post
%firstboot
Finish
Reboot
Install with parameters
from provided ks.cfg
Figure 4. Scripted Installation Process
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 9/22
T E C H N I C A L W H I T E P A P E R / 9
VMware® ESXi™ 4.1 Operations Guide
InstallationDestination
Whenplanningtheimplementationo—ormigrationto—VMwareESXioneotherstdecisionsthatmustbe
madeconcernsthetypeoinstallationdestinationtobeusedTheormactoroVMwareESXienablesittobe
installedonmultipledierentinstallationdestinationtypeswhichincludetheollowing
•Localdisk(includingSSD)
•Removablemedia
– SB
– SD
•BootromSAN
– FC
– iSCSI
LocaldisksareapopularinstallationdestinationLocaldiskinstallationsprovidetwoadvantagesoverremovable
devicesresiliencyandtheleveloautomationResiliencyreerstotheabilitytoruntwolocaldisksinRAID-
AlthoughVMwareESXiisloadedintomemoryitmustwriteitscongurationonceeveryminutesonaverageInthecaseobootmediaailurethismightbeatriskpossiblyresultinginalossocongurationchangesLocal
diskinstallationsalsoenableyoutoimplementascriptedinstallationmechanismThismethodisalsosupported
orbootromSAN(iSCSIFC)butcurrentlynotsupportedorremovabledevicessuchasUSBandSDmedia
TheremustbeatleastGBodiskspaceavailableoralocaldiskinstallation
RemovabledevicessuchasUSBandSDhavealwaysbeenoneothetopVMwareESXiinstallationdestinations
duetotheexibilityandcostactorsassociatedwiththemThesedevicestypicallyhaveashorterliespanthan
harddisksandthereoreimposeaminorriskHardwarevendorshaveoundasolutionthatincreasesresiliency
byoeringa“dual-SDmodule”congurationAndmanycustomershavemitigatedtheriskbyusingenterprise-
gradeUSBSDmodulesandhavingoneormoreothemonhand
Fromanoperationalperspectivetheexibilityandresiliencyoermanybenetsalthoughthereisone
restrictionScriptedinstallationoVMwareESXionaremovabledeviceiscurrentlynotsupportedThiscanbe
mitigatedthroughtheuseohostprolesorbyautomatingthecongurationthroughPowerCLIRequirements
•VMwaresupportsremovabledevicesonlyundertheseconditions
– TheserveronwhichyouwanttoinstallVMwareESXixisinthe
VMware ESXi 4.x Hardware Compatibility Guide
and
–YouhavepurchasedaserverwithVMwareESXixembeddedontheserverromacertiedvendor
or
–YouhaveusedaUSBorSDFlashdevicethatisapprovedbytheservervendorortheparticularservermodel
onwhichyouwanttoinstallVMwareESXixonaUSBorSDFlashstoragedevice
AsovSpheresupportorbootromSAN—bothFCandiSCSI—hasbeenincludedBootromSANgivesyouresiliencyandenablesyoutoleveragetheexibilityoadisklessserverwhilestillprovidingyouwiththeoption
todoascriptedinstallation
Requirement
•SupportorbootromSANorstoragedeviceandadapters
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 10/22
T E C H N I C A L W H I T E P A P E R / 1 0
VMware® ESXi™ 4.1 Operations Guide
EachtypeoinstallationmediahasitsbenetsDependingontheenvironmentallmediashouldbeconsidered
Basedonrequirementsandconstraintsregardingbudgetlicensingandarraycapabilitiesadecisionmustbe
madeonaper-casebasisGenerallyspeakingusing“localdisks”isthemostcompellingoptionbecauseit
enablesyoutoullyautomateyourinstallationincomparisontoUSBSDanditisrelativelyinexpensivein
comparisontobootromSAN
HardwareMonitoring
TheCommonInormationModel(CIM)isanopenstandardthatdenesarameworkoragentlessstandards-
basedmonitoringohardwareresourcesorVMwareESXiThisrameworkconsistsoaCIMobjectmanager
otencalledaCIMbrokerandasetoCIMproviders
CIMprovidersarethemechanismsthatprovidemanagementaccesstodevicedriversandunderlyinghardware
Hardwarevendorsincludingservermanuacturersandspecichardwaredevicevendorscanwriteprovidersto
supplymonitoringandmanagementotheirparticulardevicesVMwarealsowritesprovidersthatimplement
monitoringoserverhardwareVMwareESXistorageinrastructureandvirtualization-specicresourcesThese
providersruninsidetheVMwareESXisystemandaredesignedtobeextremelylightweightandocusedon
specicmanagementtasksTheCIMbrokertakesinormationromallCIMprovidersandpresentsittothe
outsideworldviastandardAPIsthemostcommononebeingWS-MANAnysotwaretoolcompatiblewithone
otheseAPIssuchasHPSIMorDellOpenManagecanreadthisinormationmonitoringthehardwareothe
VMwareESXihost
OneconsumerotheCIMinormationisVMwarevCenterThroughadedicatedtabinthevSphereclientusers
canviewthehardwarestatusoanyVMwareESXihostintheirenvironmentprovidingasingleviewothe
physicalandvirtualhealthotheirsystemsUserscanalsosetVMwarevCenteralarmstobetriggeredoncertain
hardwareeventssuchastemperatureorpowerailureandwarningstates
Figure 5. Hardware Monitoring in VMware vCenter Server
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 11/22
T E C H N I C A L W H I T E P A P E R / 1 1
VMware® ESXi™ 4.1 Operations Guide
VMwareESXialsoexposeshardwarestatusinormationviaSNMPorothermanagementtoolsthatrelyupon
thatstandardSNMPtrapsareavailableromboththeVMwareESXihostandVMwarevCenterVMwareESXi
currentlysupportsSNMPvanditcanbeconguredusingthevCLIcommand“vicg-snmp”
FirmwareUpgrades
UpgradingrmwareonanyplatormisacumbersometaskHistoricallycustomerswhohaveusedtheCOShave
upgradedthermwarewithtoolsprovidedbytherespectivevendorWithVMwareESXithatapproachwillno
longerworkduetotheabsenceotheCOSFirmwareupgradeswillhoweverstillperiodicallyneedtobeapplied
CurrentlyVMwareESXioersnonativeunctionalityTheollowingwork-aroundsexisttosolvethisproblem
1. Hardware vendor bootable upgrade CD-ROM/DVD
2. PXE boot o vendor’s upgrade CD-ROM/DVD
3. Hardware vendor VMware vCenter plug-in or management application
4. PXE boot o small Linux distribution
ManyvendorsoerabootableCD-ROMDVDthatcontainsalldriversandrmwarecoderequiredTheseare
typicallycategorizedperservermodelandcanbeusedtobootahostoandmanuallyupgradetheappropriate
devicesThissolutiontypicallyisusedinenvironmentsouptohostsForlargerenvironmentswehaveound
thatusingaPXEbootcongurationinconjunctionwiththevendor-providedupgradedCD-ROM/DVDcanbea
exiblealternativeTheoveralltransersizeothetotalpackagemightbeaconstraint
Severalhardwarevendorsprovidemanagementplug-insorVMwarevCenterServerthatenableyoutomanage
rmwareupgradesromwithinthevSphereClientTheseplug-insotenoerreportingcapabilitiesthatreduce
thechancesoinconsistencyacrossthevirtualinrastructureLargeenvironmentstypicallyuseacentralized
managementapplicationtomanagehardwareendtoendwhichalsoincludesthecapabilitiestoupgrade
rmware
Findingauniedsolutiontomanagermwareandpatchesinanenvironmentwheremultipletypesohardware
romdierentvendorsareusedcanbeachallengeCreatingacustomslimmed-downLinuxappliancethat
identiesthehardwarecongurationandupdatesthermwareaccordinglycansolvethisproblemSolutions
suchasthesetypicallyuseaPXEbootcongurationwithacentralrepositoryorthedierenttypesormware
orthisenvironmentThisdoesrequireextensiveknowledgeothevariouscomponentsandasubstantialeort
withregardtodevelopmentbutitultimatelyleadstoahighlyexibleandscalablesolutionthatenablesyouto
updateanyothehardwarecomponents
Weadvisemanagingthermwarelevelconsistentlyandollowingthehardwarevendor’srecommendationsto
avoidrunningintoanyinterdependencyissuesWealsorecommendthatwhenyouareacquiringnewhardware
youlookintothelevelointegrationandthemechanismsthatcanbeleveragedaroundmanagingyour
hardwareEspeciallyinconvergedsharedplatormsavailabilityandmanageabilityarekeytothesuccesso
yourITdepartment
SystemsManagementandBackup
SystemsmanagementandbackupproductsintegratewithVMwareESXiviathevSphereAPIswhichhavebeen
signicantlyenhancedinvSpherethroughagentlesspartnerintegrationTheAPI-basedpartnerintegration
modelsignicantlyreducesmanagementoverheadbyeliminatingtheneedtoinstallandmanageagentsin
theCOS
VMwarehasworkedextensivelywithourecosystemtotransitionallpartnerproductstotheAPI-based
integrationmodeloVMwareESXiAsaresultBMCCAHPIBMEMCNetIQQuestSotwareCommvault
VizioncoreDouble-TakeSotwareSteelEyeandSymantecareamongthemajorityosystemsmanagementand
backupvendorsintheVMwareecosystemthathaveproductsthatsupportVMwareESXitodayIyouareusing
anagent-basedpartnersolutiontointegratewithVMwareESXcheckwithyourvendortoseeianewerversion
otheproductsupportsVMwareESXi
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 12/22
T E C H N I C A L W H I T E P A P E R / 1 2
VMware® ESXi™ 4.1 Operations Guide
VMwarealsoincludesbackupcapabilitywiththevSphereproductsuiteVMwareDataRecoveryisarobust
simple-to-deploybackupandrecoverysolutionthatbusinessesshouldconsidertoprovidetherstlineodata
protectionortheirvirtualenvironment
VMwareDataRecoveryenables
•Fullimagebackupovirtualmachines
•Fullandincrementalrecoveryovirtualmachinesplusrecoveryoindividuallesanddirectories
PatchingandUpdating
ThepatchingandupdatingoVMwareESXienablesexibilityandcontrolDuringthepatchingprocessonly
thespecicmodulesbeingupdatedarechangedTheadministratorcanpreserveanypreviousupdatestoother
componentsWhetherinstalledondiskorembeddedFlashmemoryVMwareESXiemploysa“dual-image”
approachwithboththecurrentandpriorversionpresentWhenapatchisinstalledthenewimageis
constructedandoverwritesthepriorimageThecurrentversionbecomesthepriorversionandthesystem
bootsothenewlywrittenimageIthereisaproblemwiththeimageoritheadministratorwishestorevert
totheprioronethehostissimplyrebootedotherecentgoodimage
Install Patch
Construct and Write New
Image to “Current Image”
Copy “Current Image” to
“Prior Image”
Figure 6. Workow or Installing Patches
VMwarevCenterUpdateManager(UpdateManager)isaVMwarevCenterplug-inpatch-managementsolution
orvSphereUpdateManagerenablescentralizedautomatedpatchandversionmanagementorvSphereIt
oerssupportorVMwareESXESXihostsvirtualmachinesandvirtualappliancesenablingadministratorsto
maketheirvirtualinrastructurecompliantwithbaselinestheydeneUpdatesthatusersspeciycanbeapplied
toguestoperatingsystemsaswellastoVMwareESXESXihostsvirtualmachinesandvirtualappliancesthat
canbescannedWithUpdateManageruserscanperormtheollowingtasks
•Scanorcomplianceandapplyupdatesorguestsappliancesandhosts
•DirectlyupgradehostsvirtualmachinehardwareVMwareToolsandvirtualappliances
•Installandupdatethird-partysotwareonhosts
UpdateManagerempowersuserstoapplyofinebundlepatchesThesearepatchesthataredownloadedmanuallyromaVMwareorthird-partyWebsitenothostedinanonlinedepotThisisespeciallyrelevantto
VMwareESXibecausemanyimportantcomponentssuchasthird-partydriverupdatesandCIMprovider
updatesareotendistributedonlyasofinebundles
AnalternativetoUpdateManageristhevCLIcommand“vihostupdate”Thiscommandappliessotwareupdates
toVMwareESXESXiimagesandinstallsandupdatesVMwareESXESXiextensionssuchasVMkernelmodules
driversandCIMprovidersUnlikeUpdateManager“vihostupdate”worksonlyonanindividualhostanddoes
notmonitororcompliancetobaselinesHowever“vihostupdate”doesnotrequireVMwarevCenterServerto
unctionTablegivesasummaryoVMwareESXipatchingandupdatingoptions
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 13/22
T E C H N I C A L W H I T E P A P E R / 1 3
VMware® ESXi™ 4.1 Operations Guide
PATCHING AN D
UPDATING TOOL
WHEN TO USE
VMwarevCenter
UpdateManager
•UsewhenhostsaremanagedbyVMwarevCenterServerUpdateManageris
integratedwithVMwarevCenterandprovidesasinglepaneoglass
•Usewhenmonitoringorcomplianceagainstpatchingbaselinesisrequired
•UsewhencoordinationwithhostmaintenancemodeisneededorVMwareDRSto
perormanorderlyevacuationovirtualmachinesromexistinghosts
“vihostupdate” •Useorone-ohostupgrades
•UseinremotesituationinwhichVMwarevCenterServerisnotaccessible
•UsewhenVMwareESXESXihostsarenotmanagedbyVMwarevCenterServer
Table 2. Considerations or Patching and Update Tool
UserAuthentication
Althoughday-to-dayoperationsaredoneonVMwarevCenterthereareinstanceswhenusersmustworkwith
ESXidirectlysuchaswithcongurationbackupandlogleaccessTocontrolaccesstothehostyoucanhave
localusersonaVMwareESXisystemWithVMwareESXiyoucancongurethehosttojoinanActive
Directorydomainandanyusertryingtoaccessthehostwillautomaticallybeauthenticatedagainstthe
centralizeduserdirectoryYoucanalsohavelocalusersdenedandmanagedonahost-by-hostbasisand
conguredusingthevSphereclientvCLIorPowerCLIThissecondmethodcanbeusedinplaceoorin
additiontotheActiveDirectoryintegration
UserscanalsocreatelocalrolessimilartoVMwarevCenterroleswhichdenethingsthattheuserisauthorized
todoonthehostForinstanceausercanbegrantedread-onlyaccesswhichallowsthemonlytoviewhost
inormationOrtheycanbegrantedadministratoraccesswhichallowsthembothtoviewandtomodiyhost
congurationIthehostisintegratedwithActiveDirectorylocalrolescanalsobegrantedtoActiveDirectory
usersandgroupsForexampleanActiveDirectorygroupcanbecreatedtoincludeuserswhoshouldhavean
administratorroleonasubsetoVMwareESXiserversOnthoseserverstheadministratorrolecanbegranted
tothatActiveDirectorygroupForallotherserversthoseuserswouldnothaveanadministratorroleIyourADadministratorcreatesagroupwiththename“VMwareESXAdmins”VMwareESXiautomaticallygrants
administratoraccesstothisgroupenablingthecreationoaglobaladministratorsgroupThisoperationcanbe
overriddenonindividualVMwareESXihostsbyassigningthe“NoAccess”roletothegroup“ESXAdmins”
TheonlyuserdenedbydeaultonthesystemistherootuserTheinitialrootpasswordistypicallysetusing
thedirectconsoleuserinterace(DCUI)ItcanbechangedaterwardusingthevSphereclientvCLIorPowerCLI
TherootuserisdenedonlylocallyInotherwordstherootpasswordisnotmanagedbyActiveDirectory
ItispossibletoexcludetherootuseraccessbyenablingLockdownModeThisisaddressedinalatersection
othispaper
Logging
LoggingisimportantorbothtroubleshootingandcomplianceVMwareESXiexposeslogsromthehostagent
(hostd)VMwarevCenteragent(vpxa)andVMkernel(messages)byusingahostsyslogcapabilityUserscanconguresyslogtowritelogsontoaleonanydatastoreaccessibletotheVMwareESXihostInVMwareESXi
thesystemisautomaticallyconguredtowriteloglestothescratchpartitionothehostdependingonthe
typeodeviceusedorinstallationForinstallationstolocaldiskstheinstallerrequiresaminimumoGB
availablediskspacetoguaranteethattheGBscratchpartitioncanbecreatedForUSBSDorboot-rom-SAN
installationswerecommendusingasharedVMFSvolumeoGBintotalregardlessotheclustersize
MonitoringtheavailablediskspaceonthisvolumeusingtheVMwarevCenter–providedalarmunctionalityis
alsorecommendedUserscanalsoconguresyslogtoorwardlogmessagestoasyslogserverorenterprise
centrallogging
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 14/22
T E C H N I C A L W H I T E P A P E R / 1 4
VMware® ESXi™ 4.1 Operations Guide
TheVMwareESXiloglestructureisdierentromthatoESXDuetotheactthatthereisnoserviceconsole
thereisalsononeedtohavethesamecollectionolesWithVMwareESXitheollowingloglesareused
PATH + LOG FILE DESCRIPTION
varlogmessages ThislogleincludestheVMkernelvmkwarningand
hostdlogs
varlogvmwarehostdlog Hostmanagementservice(hostd=Hostdaemon)log
varlogsysbootlog Systembootlog
var logvmwareaamvmware_hostname-xxxlog VMwareHAlogle
Table 3. Summary o Log Files
LoglesorcertaincapabilitiessuchasVMwareHAarenotmanagedthroughthesyslogacilityTheselogles
arestoredonlyonthelocalVMwareESXihost’sin-memorylesystemTheycanbedownloadedromthehost
byusingthevSphereclientoption“ExportDiagnosticData”
ItisabestpracticetoleveragethesyslogcapabilitiesthatESXioersUsingasyslogserverwillsimpliy
troubleshootingandensurethatloglesareaccessibleevenwhenaVMwareESXihosthasphysicallyailed
Manysyslogserversalsoenableeasiercorrelationbetweenevents
VMwareoersasyslogsolutionaspartothevSphereManagementAssistantwhichisdesignedprimarilyor
VMwareESXilogsOtheralternativesenableyoutodoadvancedeventcorrelationbetweenmanytypeso
devicesConguringthesyslogclientisstraightorwardandcanbedoneinsevensimplesteps
1. In the vSphere Client inventory, let-click the host.
2. Click the Confguration tab.
3. Click Advanced Settings under Sotware.
4. Select Syslog in the tree control.
5. In the Syslog.Remote.Hostname text box, enter the name o the remote host where syslog data will
be orwarded. I no value is specied, no data is orwarded.
6. In the Syslog.Remote.Port text box, enter the port on the remote host where syslog data will
be orwarded. By deault Syslog.Remote.Port is set to 514, the deault UDP port used by syslog.
Changes to Syslog.Remote.Port take eect only i Syslog.Remote.Hostname is congured.
7. Click OK.
AsecondcapabilitythatVMwareESXioersisspeciyingalocationorlocalloglesLocalreerstoanon-
syslogsolutionLocalloglesdon’tneedtobestoredonalocaldrivebutratheronanydatastoreItisabest
practiceorenvironmentswithoutasyslogservertospeciyaremoteVMFSdatastoretoensurethatlogles
willbeavailablewhenaVMwareESXihosthasphysicallyailedtoalloworarootcauseanalysisThiscanbe
conguredthroughthevSphereClientasollows
1. In the vSphere Client inventory, let-click the host.
2. Click the Confguration tab.
3. Click Advanced Settings under Sotware.
4. Select Syslog in the tree control.
5. In the Syslog.Local.DatastorePath text box, enter the datastore path to the le where syslog will log
messages. I no path is specied, the deault path is /var/log/messages. In addition, i pointing at a
datastore, ensure that the directory has been created previously.
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 15/22
T E C H N I C A L W H I T E P A P E R / 1 5
VMware® ESXi™ 4.1 Operations Guide
Thedatastorepathormatisvmsvolumesdatastoreolderlename
NOTE: You might need to reboot the host or the changes to take efect.
Youcanalsoincludetheservernameinthe“older”name
Boththesyslogadvancedsettingandthelocaldatastorepathsettingcanbedoneduringascriptedinstallation
throughtheuseovim-cmdTheollowingcommandisanexampleohowtosetthelocaldatastorepathtoa
datastorenamed“vms”;itincludesavariablethatinsertsthehostnameintothepatch
vim-cmd hostsvc/advopt/update Syslog.Local.DatastorePath string “[vmfs01] /$(hostname -s)/
logles/messages”
KeepingtheVMwareESXihostinsyncwithanaccuratetimesourceisveryimportantorensuringlogaccuracy
anditisrequiredorcomplianceItisalsoimportantiyouareusingthehosttomaintainaccuratetimeonthe
guestvirtualmachinesHoweverVMwarerecommendssynchronizingvirtualmachineswithanNTPorwtm
serverasdescribedin VMwareknowledgebasearticle andVMwareknowledgebasearticle
VMwareESXihasbuilt-inNTPcapabilitiesorsynchronizingwithNTPtimeserverswhichcanbecongured
throughthevSphereClientorthroughtheshellasshownintheautomatedinstallationscript
VM VM VM
Enterprise
Syslog
Collection
VMwareManagement
Framework
Local Support Consoles
Datastore
VMkernel
CommonInformation
Model
Virtual MachineSupport and
ResourceManagement
InfrastructureAgents (NTP,
Sylog, etc.)
Enterprise
NTP TIme
Server
Figure 7. Logging in VMware ESXi
LocalShellAccess
TechSupportModeisasimpleshelloradvancedtechnicalsupportWhenremotecommand-linetoolsarenot
capableoaddressingaparticularissueTechSupportModeprovidesanalternativeSimilarlytohowtheCOSis
usedtoexecutediagnosticcommandsandxcertainlow-levelproblemsTechSupportModeenablesusersto
viewlogandcongurationlesaswellastoruncertaincongurationandutilitycommandstodiagnoseandx
problemsTechSupportModeisnotbasedonLinuxRatheritisalimited-capabilityshellcompiledespeciallyor
VMwareESXi
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 16/22
T E C H N I C A L W H I T E P A P E R / 1 6
VMware® ESXi™ 4.1 Operations Guide
InVMwareESXiTechSupportModeisullysupportedorusebyendusersandisenhancedinseveralways
InadditiontobeingavailableonthelocalconsoleoahostitcanalsobeaccessedremotelythroughSSH
AccesstoTechSupportModeiscontrolledintheollowingways
•BothlocalandremoteTechSupportModecanbeenabledanddisabledseparatelyinboththeDCUIandvSphereClient
•TechSupportModecanbeusedbyanyauthorizedusernotjustrootusersUsersbecomeauthorizedwhen
theyaregrantedtheadministratorroleonahost(throughActiveDirectorymembershipinaprivilegedgroup
andthroughothermethods)
•AllcommandsissuedinTechSupportModeareloggedthroughsyslogprovidingaullaudittrailIasyslog
serverisconguredthisaudittrailisautomaticallyincludedintheremotelogging
•AtimeoutcanbeconguredorTechSupportMode(bothlocalandremote)sothataterbeingenableditwill
automaticallybedisabledatertheconguredtime
TechSupportModeisrecommendedoruseprimarilyorsupporttroubleshootingandbreak-xsituationsIt
alsocanbeusedaspartoascriptedinstallationasdescribedinaprevioussectionAllotherusesoTech
SupportModeincludingrunningcustomscriptsarenotrecommendedinmostcases
Diagnostics and TroubleshootingWithVMwareESXithereareavarietyooptionsordiagnosingproblemswiththeservercongurationor
operationaswellasorxingthemDierentmethodswillbeappropriatedependinguponthesituationThere
arealsoVMwareknowledgebasearticleswithinstructionsonvariousissues
TheDCUIisthemenu-driveninteraceavailableattheconsoleothephysicalserveronwhichVMwareESXiis
installedorembeddedItsmainpurposeistoperormtheinitialcongurationothehost(IPaddresshost
namerootpassword)anddiagnostics
TheDCUIhasseveraldiagnosticmenuitems
Restartallmanagementagentsincluding
•hostd
•vpxa
Resetcongurationsettingsorexample
•Fixamisconguredswitch
•Resetallcongurationstoactorydeaults
EnableTechSupportMode(shellaccess)including
•LocalTechSupportMode
•RemoteTechSupportMode(SSH-based)
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 17/22
T E C H N I C A L W H I T E P A P E R / 1 7
VMware® ESXi™ 4.1 Operations Guide
UserscanalsopointanordinaryWebbrowsertothehostandviewlesincluding
•Logles
•Congurationles
•Virtualmachineles
AsanexamplewewilldemonstratehowtoviewtheloglesoanygivenvirtualmachineAuserwithan
administratorrolemustprovidecredentialstousethiseatureTheprocedureisasollows
1. Open a browser and enter the URL http://<vCenter hostname>, where <vCenter hostname> is the IP
or ully qualied domain name or the VMware vCenter Server.
2. Provide administrative credentials when prompted.
3. Click the Browse datastores in the VMware vCenter inventory link.
4. Navigate the Web pages until you reach the appropriate datacenter, datastore and older, as noted
in step 1.
5. Click the link to the appropriate log le, and open it with your preerred editor.
TechSupportModeprovidesanothermeansormoreadvancedtroubleshootingandsupportasmentioned
earlierSomenewcommandsaddedtoTechSupportModeinVMwareESXiinclude
•vscsiStatswhichprovidesdetailedinormationonSCSIperormance
•ncwhichisbasedonthestandardnetcatutility
•tcpdump-uwwhichisbasedonthestandardtcpdumputility
SomecommandsthatareusedintroubleshootingscenariosarelistedasollowsoryourconvenienceThisis
notacomprehensivelistRatherthesearejustaewothecapabilitiesthatVMwareESXiTechSupportMode
oers
•vmkping -s 9000 <ipaddress>
Thecommandvmkpingcanbeusedtodobasicnetworktroubleshootingbutitismoreotenusedtovalidate
theoperationojumboramesbyaddingthesizeothepacketasshowninourexample
• fdisk –l
ThisenlistsallpartitionsandincludesthetypeothepartitionwhereVMFSpartitionsarelabeledas“b”
•vim-cmd hostsvc/maintenance _ mode _ enter
Maintenancemodecanbeenteredromthecommandlinebyusingvim-cmd
•vim-cmd hostsvc/maintenance _ mode _ exit
Maintenancemodecanbeexitedusingthiscommand
•vim-cmd vmsvc/getallvms
•vim-cmd vmsvc/poweroff <vm id>
TherstcommandprovidesalistoallthevirtualmachinescurrentlyregisteredonthehostThesecond
commandenablesyoutopoweroavirtualmachine
• vdf –ph
Thiswillprovidetheutilizationothein-memorylesystem
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 18/22
T E C H N I C A L W H I T E P A P E R / 1 8
VMware® ESXi™ 4.1 Operations Guide
ThesecommandsarejustexamplesowhatispossiblewithVMwareESXiTechSupportModeWerecommend
thatyouavoidenablingaccesstoESXiTechSupportModeunlessabsolutelyneededanddisablingaccessonce
itisnolongerneededIngeneraltroubleshootingworkowsaresimilartothosewithVMwareESXduetothe
eaturesetoTechSupportMode
TheextensiveVMwareknowledgebaseshouldalwaysbeyourrstresourceoranyproblemsthatareVMware
relatedForyourconveniencewehavelistedsomeothemostcommonissuesandmostaccessedVMware
knowledgebasearticlesorVMwareESXiasollows
1. Restart the management agents on a VMware ESXi host (1003490)
2. Determining why a single virtual machine is inaccessible (1018834)
3. Determining why a virtual machine was powered o or restarted (1019064)
4. Determining why multiple virtual machines are inaccessible (1019000)
5. Troubleshooting virtual machine network connection issues (1003893)
6. Interpreting virtual machine monitor and executable ailures (1019471)
7. Determining why a virtual machine does not respond to user interaction at the console (1017926)
8. Using Tech Support Mode in VMware ESXi 4.1 (1017910)
9. Determining why a VMware ESXi host is inaccessible (1019082)
10.Determining why a VMware ESXi host was powered o or restarted (1019238)
11.Determining why a VMware ESXi host does not respond to user interaction (1017135)
12.Enabling serial-line logging or a VMware ESXi host (1003900)
13.Using perormance collection tools to gather data or ault analysis (1006797)
14.Using hardware NMI acilities to troubleshoot unresponsive hosts (1014767)
15.Interpreting a VMware ESXi host purple diagnostic screen (1004250)
16.Troubleshooting VMware High Availability (VMware HA) (1001596)
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 19/22
T E C H N I C A L W H I T E P A P E R / 1 9
VMware® ESXi™ 4.1 Operations Guide
Local Access and Lockdown ModeVMwareESXiprovidestheabilitytoullycontrolalldirectaccesstothehostviaVMwarevCenterServer
OnceahosthasbeenjoinedtoVMwarevCenterServereverydirectcommunicationinteracewiththehostiscongurableasanindependentserviceinthecongurationtaborthehostinvSphereClientincluding
• DCUI
• Local Tech Support Mode
• Remote Tech Support Mode
Eachothesecanbeturnedonandoindividually
Figure 8. Local Access Services
AccessbasedonthevSphereAPI—orexamplethevSphereClientPowerCLIvCLIandsoon—isnormally
governedbygrantinglocalprivilegestospecicusersTherootuseristheonlyonethathasapermanent
administratorroleonthehostAllotherusersmustbeexplicitlygrantedalocalroleonthehostinorderto
accessit
Therearecasesinwhichyouwouldnotwantanyonetoaccessthehostdirectlyatallinsteadmanagingit
exclusivelythroughVMwarevCenterServerLockdownModeisaeaturedesignedtoprovidethiscapability
WhenLockdownModeisenabledonthehostalldirectremoteaccesstothehostisblockedincluding
•AnyvSphereAPIclient
•LocalTechSupportMode•RemoteTechSupportMode
EveniTechSupportModeisenabledLockdownModeeectivelyoverridesthisbypreventinganyconnection
romsucceedingTheonlywaytomanagethehostremotelyisthroughVMwarevCenterServerTheinteraction
betweenthehostandVMwarevCenterServeroccursthroughaspecial-purposeaccountcalled“vpxuser”;all
otherordinaryuseraccountsincludingrootcannolongerconnectremotely
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 20/22
T E C H N I C A L W H I T E P A P E R / 2 0
VMware® ESXi™ 4.1 Operations Guide
ForthespecialcaseohardwaremonitoringthroughtheCIMinteracemonitoringsotwaremustobtainthis
hardwareinormationdirectlyromthehostTodothisthemonitoringsotwaremustbeprogrammedtoobtain
aspecialauthenticationticketromVMwarevCenterServerThisticketallowsthesotwaretoobtainthe
inormationromthehostthroughtheVMwarevCenterServer“vpxuser”accountonaone-timebasis
WithLockdownModeenabledtheonlydirectaccesstothehostthatremainsopenisthroughtheDCUIThis
providesawaytoperormlimitedadministrativetasksoutsideoVMwarevCenterServerTheDCUIcanalso
turnoLockdownModedisablingitwithoutgoingthroughVMwarevCenterServerThismightbeuseuli
VMwarevCenterServerisdownorotherwiseunavailableandyouwishtoreverttodirectmanagementothe
hostTologintotheDCUIinLockdownModehowevertherootpasswordisrequiredNootherusercanlogin
evenitheyhavebeengrantedanadministratorrole
IntheextremecasedisablingoalldirectaccesstothehostmightbedesiredForexampleyoumightwantto
preventanyonewiththerootpasswordromdisablingLockdownModeandmanagingthehostInthiscaseyou
cantaketheadditionalstepodisablingtheDCUIorthehostthroughVMwarevCenterServerAterthisis
donenodirectinteractionwiththehostlocalorremoteispossibleItcanbemanagedonlythroughVMware
vCenterServerIVMwarevCenterServerisdownorotherwiseunavailableyoucannotreverttodirect
managementbecauseloggingintotheDCUIisnolongerpossibleItheVMwarevCenterServercannotbe
restoredtheonlywaytoreverttodirectmanagementistoreinstalltheVMwareESXisotwareonthehost
LockdownModeisnotpermanentItcanbedisabledoranyindividualVMwareESXihostatanytime(provided
thatVMwarevCenterServerisrunningandabletoconnecttothathost)TherecommendationisthatLockdown
Modebeusedinordinaryday-to-dayoperationsbutthatitbedisabledorahostitheneedarisestointeract
withitdirectlyForexampleiatroubleshootingsituationisencounteredandthetoolsprovidedbyVMware
vCenterServerarenotsucientLockdownModeshouldbedisabledandmoreextensivediagnosticsshouldbe
perormedusingTechSupportModeorexample
TablepresentsasummaryoLockdownModeanditsinteractionwiththevarioushostaccessservices
ACCESS MODE NORMAL LOCKDOWN LOCKDOWN +
DCUI DISABLED
vSphereAPI(eg
vSphereClient
PowerCLIvCLI
andsoon)
Anyuserbasedon
localrolesprivileges
None(exceptVMware
vCenter“vpxuser”)
None(exceptVMware
vCenter“vpxuser”)
CIM Anyuserbasedon
localrolesprivileges
None(exceptvia
VMwarevCenterticket)
None(exceptvia
VMwarevCenterticket)
DCUI Rootanduserswith
administratorprivileges
Rootonly None
TechSupportMode
(local)
Rootanduserswith
administratorprivileges
None None
TechSupportMode
(remote)
Rootanduserswith
administratorprivileges
None None
Table 4. Summary o Lockdown Mode Efect on Local Access
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 21/22
T E C H N I C A L W H I T E P A P E R / 2 1
VMware® ESXi™ 4.1 Operations Guide
SummaryTheollowingtableprovidesasummaryothetaskstraditionallyperormedintheserviceconsoleoVMware
ESXandtheunctionalequivalentsorVMwareESXi
TASK VMWARE ESX VMWARE ESXi
AccesslocallesVMFS
lescongurationles
logles
Consolecommandstobrowse
datastoresandvirtualmachineles
•Remotecommand-lineinterace
commandstolistandretrievesles
•vSphereclientdatastorebrowseror
VMFSlesdownloadsanduploads
les
Manipulatevirtual
machineles(or
examplemodiyvmx)
•Advancedcongurationdoneinthe
vSphereclient
•Consolecommandstomodiyvirtual
machineles
•Advancedcongurationdonein
vSphereClient
•Remotecommand-lineinterace
commandstolistandretrieves
virtualmachineles
Backup •Virtualmachinebackupagentsin
serviceconsoleVMwareData
Recoveryorthird-partybackup
products
•VMwareESXbackupusesagentsin
theserviceconsolecreatesarchive
oserviceconsolelesorperormsa
scriptedreinstall
•VirtualmachinebackupVMware
DataRecoveryorthird-partybackup
products
•VMwareESXibackupsinglesmall
backuplecreatedviavCLI
command“vicg-cgbackup”
Hardwaremonitoring •Agentsinserviceconsole
•SNMP
•CIM-basedframework
•SNMP
Patchingandupdating •UpdateManager
•RPM-basedthird-partytools
•UpdateManager
•vCLIcommand“vihostupdate”
Automated
deployment
RedHatKickstart •VMwareESXiscriptedinstallation
(analogoustoRedHatKickstart)
Troubleshootingor
support
Localesxcg-*commands •Remotecommand-lineinterace
commands
•TechSupportMode
Advanced
conguration
Editscongurationles(orexample
hostdcon)directly
•Remotecommand-lineinterace
commandstolistandretrieves
VMwareESXicongurationles
•EditslesinTechSupportMode
directly
Logging Remotesysloginserviceconsole Built-inremotesyslogclient
Perormance
monitoring
•vSphereclient
•“esxtop”inserviceconsole
•vSphereclient
•vCLIcommand“resxtop”
•“esxtop”inTechSupportMode
Reportingandauditing •Serviceconsolescripts
•Logles
•Remotecommand-lineinterace
commandstolistandretrieveslog
lescongurationandsettings
•vSphereClientoptiontoexport
diagnosticdata
Table 5. Comparison o Management Capabilities in VMware ESX and VMware ESXi
8/3/2019 VMware ESXi 41 Operations Guide TWP
http://slidepdf.com/reader/full/vmware-esxi-41-operations-guide-twp 22/22
VMware® ESXi™ 4.1 Operations Guide
VMware ESXi EditionsVMwareESXiarchitectureisoeredasapartoallvSphereproducteditionswitheachsuccessiveedition
oeringgreaterunctionalityAttheentrylevelVMwareoersthevSphereHypervisorwhichisareevirtualizationproductCertainVMwareESXieaturesarelimitedinthiseditionasoutlinedinTableAllother
paideditionsovSpherelittheseeaturerestrictionsHowevereventhoughthehost-leveleaturesarenot
limitedinallpaideditionsmanyadvancedeaturessuchasVMwareDRSandVMwareHAarestillonlyavailable
inhigher-licenseversions
FEATURE vSPHERE HYPERVISOR VMWARE ESXi ENTERPRISE
SNMPmonitoring Notsupported Fullunctionality
VMwareConsolidatedBackup
(VCB)andVMwareData
Recovery(vDR)tool
Notavailable Bothapplicationsareavailable
vCLI Limitedtoread-onlyaccess Fullunctionality
PowerCLIandvSphereSDKor
Perl
Limitedtoread-onlyaccess Fullunctionality
Table 6. Comparison o VMware ESXi Editions
AnadministratorwhohasdeployedvSphereHypervisorcanenjoythebenetsovirtualizationwithVMware
ESXiwithintheeaturelimitsHoweverthedeploymentcanbeupgradedtoamoreullyeaturedversiono
vSphereatanytimewithouthavingtouninstallorreinstalltheVMwareESXisotwareTheadditionalcapabilities
areactivatedsimplywhentheproperlicensekeyisprovidedeitherinthehostcongurationorinVMware
vCenterServer
References•VMware ESXi Confguration Guide
httpwwwvmwarecompdvspherervsp__esxi_server_congpd
•VMware ESXi Installable and vCenter Server Setup Guide:
httpwwwvmwarecompdvspherervsp__esxi_i_vc_setup_guidepd
•VMware vSphere Command-Line Interace Installation and Scripting Guide
httpwwwvmwarecomsupportdevelopervcli
•VMware vSphere Command-Line Interace Reerence
httpwwwvmwarecomsupportdevelopervcli
•VMware ESXi Upgrade Center
httpwwwvmwarecomgoUpgradeToESXi
•
VMware ESXi Chronicles Blog
httpblogsvmwarecomesxi
•William Lam’s VMware Scripts and Resources
httpwwwvirtuallyghettocom
VM I 3401 Hill i A P l Alt CA 94304 USA T l 877 486 9273 F 650 427 5001